public IHttpActionResult Login()
{
// Transform request context into DTO.
var transformer = new SsoLoginTransformer();
var ssoDto = transformer.Fetch(RequestContext);
var response = _controllerLogic.Login(ssoDto);
IHttpActionResult actionResultResponse = ResponseMessage(response);
return(actionResultResponse);
}
public IHttpActionResult Submit(AccountCredentialDTO credentials)
{
// Credentials is already read and deserialized into a DTO. Validate it.
Validate(credentials);
// Checks for valid model state
if (!ModelState.IsValid)
{
return(BadRequest(ModelState));
}
// Check to make they are not a new SSO user
if (_partialAccountRepository.Exists(d => d.UserName == credentials.Username))
{
var transformer = new SsoLoginTransformer();
var ssoLoginDto = transformer.Fetch(credentials);
var response = _ssoControllerLogic.Login(ssoLoginDto);
return(ResponseMessage(response));
}
// Proccess any other information.
if (!_accountRepository.Exists(d => d.UserName == credentials.Username))
{
return(Unauthorized());
}
if (!_saltRepository.Exists(d => d.UserName == credentials.Username, d => d.Account))
{
return(Unauthorized());
}
Salt salt;
try
{
salt = _saltRepository.GetSingle(d => d.UserName == credentials.Username, d => d.Account);
}
catch (Exception)
{
return(Unauthorized());
}
// Check app DB for user.
Account account;
try
{
account = _accountRepository.GetSingle(d => d.UserName == credentials.Username);
}
catch (Exception)
{
return(Unauthorized());
}
if (!account.AccountStatus)
{
return(BadRequest("SUSPENDED"));
}
// Issue login information
if (account.Password == HashService.Instance.HashPasswordWithSalt(salt.PasswordSalt, credentials.Password, true))
{
var response = new HttpResponseMessage();
JAccessToken token;
var claims = (List <AccountType>)account.AccountTypes;
// JWT token already exists
if (_jwtRepository.Exists(d => d.UserName == account.UserName, d => d.Account))
{
token = _jwtRepository.GetSingle(d => d.UserName == account.UserName, d => d.Account);
token.Value = JwtManager.Instance.GenerateToken(claims);
token.DateTimeIssued = DateTime.UtcNow;
_jwtRepository.Update(token);
}
// JWT does not exist for this user
else
{
token = new JAccessToken
{
Value = JwtManager.Instance.GenerateToken(claims),
UserName = account.UserName,
DateTimeIssued = DateTime.UtcNow
};
_jwtRepository.Insert(token);
}
return(Json(new { AuthToken = token.Value }));
}
// Given password does no match the stored hashed password after being hashed
else
{
return(Unauthorized());
}
}
